CVE-2018-16975: Elefant CMS PHP Code Execution Vulnerability
CVSS Score: 9.8 (CVSS 3.0)
Basic Information
CVE ID
GHSA ID
EPSS Score: 0.69297%
CWE
Published: 5/13/2022
Updated: 4/23/2024
KEV Status: No
Technology: PHP
Technical Details
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
elefant/cms | composer | < 2.0.7 | 2.0.7 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from two issues in csspreview.php: 1) file_get_contents() was called with the unsanitized $_GET['css'] parameter, allowing attackers to specify .php files; 2) the content of $_POST['css'] was inserted directly into HTML without sanitization. Neither path used strip_tags(), which the patch added to prevent PHP code execution. The combination of filename control and unsanitized content injection created an RCE vector.
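A sketch of how both input paths described above could be handled defensively, as an added example rather than Elefant's code or its actual patch. strip_tags() comes from the page; the extension allowlist, the directory confinement, CSS_DIR and the function names are assumptions introduced here.

```php
<?php
// Added illustration, not Elefant's code. CSS_DIR and the three
// function names are hypothetical.
const CSS_DIR = __DIR__ . '/css';

// Map a requested name to a real .css file under $baseDir, else null.
function resolve_css_path(string $requested, string $baseDir = CSS_DIR): ?string
{
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // Confinement: the canonical path must stay inside the base directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Extension allowlist on the resolved path: a .php file is never read.
    if (strtolower(pathinfo($path, PATHINFO_EXTENSION)) !== 'css') {
        return null;
    }
    return $path;
}

// strip_tags() is the call the page says the patch added; it removes
// HTML and PHP tags from the string before it reaches the page.
function clean_css(string $css): string
{
    return strip_tags($css);
}

// Return sanitized CSS for the preview from either input path.
function preview_css(array $get, array $post): string
{
    if (isset($post['css']) && is_string($post['css'])) {
        return clean_css($post['css']);
    }
    if (isset($get['css']) && is_string($get['css'])) {
        $path = resolve_css_path($get['css']);
        return $path === null ? '' : clean_css((string) file_get_contents($path));
    }
    return '';
}
```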